Protecting Children from Internet Pornographers Act of 2011

The Protecting Children from Internet Pornographers Act of 2011 (H.R. 1981) is a United States bill designed with the stated intention of increasing enforcement of laws related to the prosecution of child pornography and child sexual exploitation offenses. RepresentativeLamar Smith (R-Texas), sponsor of H.R. 1981, stated that, "When investigators develop leads that might result in saving a child or apprehending a pedophile, their efforts should not be frustrated because vital records were destroyed simply because there was no requirement to retain them."[1]

H.R. 1981 has been criticized for its scope and privacy implications.[2] Opponents of the bill, which include Electronic Frontier Foundation (EFF), the American Civil Liberties Union, and the American Library Association,[3] take issue with the violation of privacy that would necessarily occur if government could compel ISPs to render subscriber information.[4] Kevin Bankston, an EFF staff attorney, stated that "The data retention mandate in this bill would treat every Internet user like a criminal and threaten the online privacy and free speech rights of every American..., ".[5]

H.R. 1981 would introduce harsher penalties for offenders and make it a crime to financially facilitate the sale, distribution and purchase of child pornography.[7] The bill would also amend Section 2703 of the Stored Communications Act, requiring ISPs to retain user IP addresses thereby enabling identification of "corresponding customer or subscriber information" listed in subsection (c)(2) of 18 USC 2703,[9] for at least one year.[1] Retained information would include subscribers' names, addresses, length of service, telephone numbers, and means and sources of payment for services (including credit card or bank account numbers, if they were used to pay for service.) The bill does not introduce limits on subscriber information that may be retained by the ISPs and accessed by the government.[10] The bill also protects ISPs from civil actions resulting from the loss of data stored as a requirement of the bill.[11] The bill also requires the Attorney General to conduct studies related to the costs of compliance for service providers as well as the compliance standards implemented by service providers. The cost assessment would include hardware, software, and all personnel involved in the compliance and the compliance assessment would include a survey of the privacy standards implemented by the providers and the frequency of reported breaches of data.

Use of the data ISPs would be forced to retain under the bill would not be limited to investigations of child pornography, but would be available for law enforcement perusal for any issue, but only with probable cause and a warrant. However, issues involving unregistered sex offenders would allow for the use of an administrative subpoena, which is different from a warrant or judicial subpoena, and which does not require probable cause.[12] The bill does not grant the right to access subscriber records to any "person or other entity that is not a governmental entity."

The bill also does not provide extra funding to investigate or prosecute additional child pornography related cases.[5]

On July 12, 2011, the Sheriff of Bedford County, VA, provided testimony on H.R. 1981 before the United States House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security. In his testimony, Brown claimed that the growth of technology and the ability to claim anonymity has "enabled child pornography to become a worldwide epidemic" and made it more difficult for law enforcement to identify and prosecute child predators. Brown further reasoned that an Internet Service Provider (ISP) could retain client records for a limited span of time, ranging from a couple hours, days, or weeks, and that a lack of uniformity across ISPs "significantly hinders law enforcement's ability to identify predators when they come across child pornography." He then provided an actual account of when his county received a cybertip from the NCMEC involving an individual who posted that they were exposing themselves to a toddler. The only information he claimed law enforcement possessed was the IP address that was accessing a YAHOO Chat room through an nTelos wireless connection. During the investigation, law enforcement discovered that the ISP only retained the Media access control address and IP history for 30 days, a limit that foreclosed their opportunity to access investigative material. [13]

NCEMC, which created CyberTipline over a decade ago, reported that, "To date, more than 51 million child pornography images and videos have been reviewed by the analysts in NCMEC's Child Victim Identification Program" and it is estimated that "[Forty] percent or more of people who possess child pornography also sexually assault children" and H.R. 1981 "equips federal, state and local law enforcement agencies with the modern-day tools needed to combat the escalation in child pornography and child exploitation crimes." [14]

It has been suggested by critics including the Center for Democracy and Technology, that H.R. 1981 was framed as a child protection measure at least in part to make it more difficult for members of Congress to reject the bill.[15][16]

Even though only assigned IP addresses and certain subscriber data would be retained, some commenters, including the EFF and some editorialists, have suggested that the data could be used to deduce any given user's personal habits, including a detailed map of where they customarily are at any given point in a day.[17][20] The CDT also issued a comprehensive memorandum regarding the Data Retention Mandate in H.R. 1981, in which it detailed how data retention provisions in H.R. 1981 would raise issues concerning privacy and free speech, among the few other issues that the bill raises.[21]

Representative Zoe Lofgren, (D-Calif.), a vocal opponent of the bill, presented an amendment to rename the bill the "Keep Every American's Digital Data for Submission to the Federal Government Without a Warrant Act."[16] Rep. John Conyers (D-Mich.) also opposed it, saying "This is not protecting children from Internet pornography. It's creating a database for everybody in this country for a lot of other purposes."[10] She also argued that the bill's pertinence to "commercial" ISPs would allow criminals to circumvent legislation if they used the Internet anonymously in venues including Internet cafes or libraries.[22]

Lamar Smith, however, has defended the data retention requirements present in the bill in stating that, "Some Internet service providers currently retain these [IP] addresses for business purposes. But the period of retention varies widely among providers, from a few days to a few months. The lack of uniform data retention impedes the investigation of Internet crimes." Smith also stated that the number of child pornography cases has grown by 150% per year over the past ten years.[23]

Marc Rotenberg, president of the Electronic Privacy Information Center has gone on record for saying that "the bill's expansion of data retention is counter to the growing practice to limit data retention as a mechanism to counter security threats." In addition, Rotenberg also mentions that in fact, there is a strong movement towards minimization of data retention in the information security arena, and data retention is in direct conflict with that notion. Rotenberg concluded that data minization and not data retention is the best way to protect consumer privacy.[24]

On October 12, 2011 a report by the Congressional Budget Office on the financial impact of the bill was released.[8] This report stated that the cost to the government would be minimal and that the private companies providing Internet services would pay over $200 million in costs. Costs would include servers for storage of the user data.[8]

The Center for Democracy and Technology has issued a report suggesting that the cost of data retention would be much higher than the Congressional Budget Office report indicates, and would grow prohibitively expensive with ongoing trends in internet addressing.[25]

H.R. 1981 is similar to Canada's Protecting Children from Internet Predators Act which "requires Internet providers to acquire the ability to engage in multiple simultaneous interceptions and gives law enforcement the power to audit their surveillance capabilities. Should it take effect, the bill would create a new regulatory environment for Internet providers, requiring them to submit a report within months of the law taking effect describing their equipment and surveillance infrastructure. Moreover, they would actively work with law enforcement to test their facilities for interception purposes and even provide the name of employees involved in interceptions to allow for possible RCMP background checks." [26]